With the continued proliferation of computer malware, including the ever-increasing threat of ransomware, I want to share with you my concern, and the importance of regularly doing AND checking multiple forms of data backup. Please protect your data!
Ransomware is malicious software that will attempt to infect your computer, encrypt your data, and then ask for a ransom of $500 or more to get your data back. These threats are real, serious, and can destroy your data with no way to recover unless you have good data backups.
Back up your data by two or more means. Think “3-2-1”: Three copies, two types of media, one off-site. I recommend at minimum rotating, off-site external hard drive backups which you plug in to back up, and unplug after making backups, plus at least one cloud-based backup like Carbonite or CrashPlan. Online backup cost is low, starting at $60/year for unlimited storage. Then check your backups regularly to ensure that your backups are working correctly. Your backups are all you can count on to recover your data if you get struck by ransomware, fire, theft, flood, or some other data-destroying event.
- Back up your data often, and check your backups regularly. Think “3-2-1.”
- Work day-to-day on your computer as a standard user, not as a user with administrator rights.
- Don’t allow anything to install on your computer unless you specifically asked for it or know it’s from a legitimate automatic update process.
- Use a good antivirus. For Windows I recommend Symantec Endpoint Protection, Norton Security, NOD32, or Kaspersky.
- Change your passwords periodically, make them long, complex, and unique, and store them in a good password vault like LastPass (https://lastpass.com).
- Use two-factor authentication whenever it’s offered. Example: https://www.google.com/landing/2step
- Encrypt your sensitive data. There are several good encryption solutions available.
- Encrypt your WiFi, use a good firewall/router, and keep it updated.
Marc Goodman publishes a book titled Future Crimes, which I recommend reading. Please look for his tips on http://www.futurecrimesbook.com. These tips, called The UPDATE Protocol, are a good cheat sheet of best practices on computer security.
You are responsible for your own data and online behavior, but I am here to help. Please let me know if you want help in securing your computer, online accounts and data, and/or want guidance in how to regularly check your data backups.
Hackers recently obtained many online logins and passwords, including some Gmail, Yahoo, and other mail service logins. Those at greatest risk are those who use the same password for their email as they do on other websites where their login is that same email address (which you should never do).
Change your passwords today, make them strong, don’t re-use passwords across two or more sites, consider using a good password vault like LastPass, and turn on two-factor authentication on all sites that support it.
More on this breach:
If you’re using AVG Antivirus, either the free home version or the paid home or commercial version, please update your software to the latest version as soon as possible. AVG released a statement today saying that they are offering free upgrades for paid users through the end of their subscription period in order to get the latest version installed on as many systems as possible. Free home users should update to the most recent free version ASAP. Malware attacks have become more sophisticated, prevalent, and dangerous (as in the case of ransomware), which is part of the reason behind AVG’s move here. If you use AVG, free or paid, please update as soon as possible. Visit this link from AVG for more information.
Ransomware is a serious threat to your data, and you need to take steps to protect yourself. If you are infected, your data is encrypted, and then a ransom note appears on your computer asking for a ransom of $500 or more to get your data back. So please back up your data.
Measures to protect yourself include not running as an administrator in Windows, not clicking on links in emails, and being suspicious of anything trying to install on your computer that you didn’t ask for. Also download apps only from known good sources, use a good SPI-class firewall, and run a top-rated antivirus. Perhaps most important is to run a cloud backup service such as Carbonite, CrashPlan, or Backblaze. These cloud backup apps are secure, and help keep your backed up data secure from ransomware.
Ransomware has become more and more common in Windows, and now we’ve seen the first ransomware for MacOS. It’s embedded in a torrent client called Transmission. I don’t recommend using torrent software at all. Read more about this serious threat here: http://www.macrumors.com/2016/03/06/mac-ransomware-transmission/
As Microsoft continues its push to get Windows 10 on as many devices as possible with its free upgrade for Windows 7 and Windows 8.1 users, the software giant has moved the Windows 10 Upgrade from the OPTIONAL Windows update list to the RECOMMENDED Windows update list. That means that if your Windows 7 or Windows 8.1 computer has automatic updates turned on (and it should), and you have asked to receive not just CRITICAL updates but also RECOMMENDED updates automatically, you will automatically be upgraded to Windows 10. One morning you will wake up, turn on your monitor, and be greeted with Windows 10 without deliberately upgrading. Read more here.
No one has ever come up with a great way for us to prove who we are when we need to gain access to our cloud accounts. There must be a better way to authenticate other than a username and a password, but until security experts come up with something better that can be widely implemented, that’s what we all use. Some cloud services we use, including Gmail and Facebook, support two-factor authentication, so that in addition to providing something we know (a username and a password, called first-factor) to gain access, we also provide something we have. Usually this involves receiving a five-, six-, or seven-digit code from a text message sent to you, and entering it into the login screen of whatever service you’re trying to access. If your cloud services support two-factor, turn it on. If a crook guesses or gains access to your password somehow, having two-factor prevents them from accessing your cloud accounts, because it’s unlikely that they also have access to your cell phone. But not all cloud services that we use support two-factor authentication, at least not yet. So please also use strong passwords, and read this article and follow the recommendations to make your passwords themselves more secure.
Have a look at Marc Goodman’s U.P.D.A.T.E. protocol, and consider reading his book Future Crimes. He makes some good points about cyber security and how to keep yourself safe and secure. Good advice, and a good read.
Windows 10’s first major update, aka the “Windows 10 Fall Update” arrives today. If you’re using Windows 10, the update should be pushed to you automatically sometime today, or you can manually grab the update from the settings menu. Read all about it here.
Concerned about security on your Android device? You should be. There is indeed malware out there for Android, as evidenced by the Stagefright malware news from back in July. And Android does have some security issues, especially with respect to older versions of Android. But what about antivirus on Android? Sure, the Google Play Store is full of antivirus apps, many of which are big names that we recognize from the Windows world. But while third-party antivirus applications can work well in Windows, third-party apps on Android just don’t have the bite or power to be very effective. That’s in part because Android doesn’t give any third-party apps the sort of low-level access to the OS that Windows allows to its third-party apps. But there is some good news: Google Play Services already includes anti-virus and anti-malware code baked right in. So don’t waste your money on third-party antivirus apps for Android; they’re just not worth much. Instead keep your Android up-to-date, don’t side-load apps, and heed any warnings that Android gives you when installing apps from the Google Play Store. And if you’re considering a new Android device, strongly consider one of the Nexus devices. These devices get Android updates directly from Google, and bypass the red tape and wait time needed to get security and other updates if you are using a carrier-branded Android device. Read more here.
Haven’t upgraded to Windows 10 yet? This might help you decide. I’ve been using Windows 10 as part of Microsoft’s Insider program since Sept. of 2014. It’s come a long way since then, and it’s very stable in its current state. It’s also very visually appealing, and now uses live tiles (aka the Modern UI) in a way that doesn’t force you into a separate user interface. In many ways Windows 10 is a return to the traditional Windows desktop environment. And, the first big update to Windows 10 is due out this month. Don’t expect plug-in support for the new Edge browser yet (that will arrive sometime in 2016), but there will be other enhancements. The most useful change may be the ability to activate your Windows 10 install with a Windows 7, 8.0, or 8.1 product key. http://goo.gl/L8QnRx.